Tabs in the Diagnostic Tool

This section includes a brief description of each navigation tab and the information presented on the corresponding page.

Overview

Provides an overview of the LogRhythm SIEM deployment topology and information about each component.

  • Download Report. This page can be saved as a .pdf for sharing and printing.
  • General Deployment Information. Customer name, license ID, and versions of LogRhythm, the KB, the EMDB, and SQL Server.
  • Deployment Message Per Second (MPS) – Last 30 Days. Trend graph that shows the total messages processed per second across all DPs in the deployment for the previous 30 days. Also shows the licensed rate for the deployment and the maximum sustained and peak processing rates for the deployment hardware platforms.
  • System Monitors by OS. Pie chart showing all System Monitors grouped by OS type (Windows, Linux, Solaris, HP-UX, AIX).
  • Log Sources by Type. Pie chart showing all Log Sources grouped by Log Source Type (for example, LRFileMon Windows, or Registry Monitor).
  • Deployment Topology. Tables showing information for each LogRhythm component: Platform Manager, Data Processors, DX Clusters, DX Nodes, AI Engines, Web Consoles, and NetMons.
  • Web Console. Table showing information for each non-XM Web Console node configured on the LogRhythm Diagnostics Credentials page.
  • Network Monitors. Table listing NetMons configured in the LogRhythm Client Console.

Platform Manager

Provides detailed information about the PM component.

  • General Information. Hostname, IP address, model, log level, LogMart server, and rates (events and LogMart).
  • Disk Utilization. Bar graph and table showing file system, mount point, size, free size, and % used for each local disk on the component.
  • Enabled GLPRs. Table of enabled GLPRs and their sort order, modified date, and expiration date.
  • Enabled Alarm Rules. Table of enabled Alarm Rules and their rule group, type, and modified date.
  • Enabled KB Modules. Table of enabled Knowledge Base Modules, their version, and their modified date.
  • LogRhythm Diagnostic Alarms – Last 24 Hours. Table of the previous 24 hours of LogRhythm Diagnostic Alarms with their IDs, entities, timestamps, statuses, and assigned analysts (if any).
  • SQL Job History. Table of the previous 30 days of LogRhythm SQL Server jobs, along with their steps, status, last run date, duration, and message.
  • System Monitors Pending Acceptance. Table of System Monitors in the acceptance queue. Shows status, System Monitor version, and OS type.
  • Log Sources Pending Acceptance. Table of Log Sources in the acceptance queue. Shows status, log interface (Syslog, NetFlow, sflow, SNMP trap), the collection agent, and the last-seen date.
  • Quiet System Monitors. Table showing the 50 quietest System Monitors (System Monitors that have not sent a heartbeat in a long time).
  • Quiet Log Sources. Table showing the 50 quietest Log Sources (Log Sources that have not sent a log in a long time).
  • Service Status. The service, display name, and status (running, stopped, paused) of each LogRhythm service on the component.
  • Performance Counters. A point-in-time snapshot of all the LogRhythm and Logical Disk Windows Performance Counters for the component.

Data Processors

Provides detailed information about each DP component.

  • General Information. Hostname, IP address, model, log level, version, DX cluster, mode, last heartbeat, maximum service memory, active and inactive archive paths, and rates (licensed, processing, and archiving).
  • 30-day Trend Chart. Shows MPS for the DP against its licensed, sustained, and peak rates.
  • Disk Utilization. Bar graph and table showing file system, mount point, size, free size, and % used for each local disk on the component.
  • Spool File Information. The number and size of the Mediator service’s spooled event files, unprocessed log files, unprocessed archive files, DX reliable persist files, and AIE Provider suspense files.
  • Service Status. The service, display name, and status (running, stopped, paused) of each LogRhythm service on the component.
  • Performance Counters. A point-in-time snapshot of all the LogRhythm and Logical Disk Windows Performance Counters for the component.

Data Indexers

Provides detailed information about each DX component.

  • General Information. Hostname, IP address, OS, model, node name, cluster, indexing rate, and the following statistics: disk percent used, heap used, active indexes, archive indexes, and logs indexed in the past hour.
  • Disk Utilization. Bar graph and table showing file system, mount point, size, free size, and % used for each local disk on the component.
  • Service Status. The service, display name, and status (running, stopped, paused) of each LogRhythm service on the component.

AI Engines

Provides detailed information about each AIE component.

  • General Information. Hostname, IP address, model, log level, and rates (licensed and processing).
  • Disk Utilization. Bar graph and table showing file system, mount point, size, free size, and % used for each local disk on the component.
  • Enabled AIE Rules. Table showing all enabled AIE rules, their status, whether their alarms are enabled, and the last time they were modified.
  • AIE Rule Performance. Table showing the following statistics for each enabled AIE rule: runtime cost, unshared memory cost, unshared memory size, recent events forwarded minutes, and recent events feedback minutes.
  • Spool File Information. The number and size of the AI Engine service’s spooled data, dataread, and dataerror files.
  • Service Status. The service, display name, and status (running, stopped, paused) of each LogRhythm service on the component.
  • Performance Counters. A point-in-time snapshot of all the LogRhythm and Logical Disk Windows Performance Counters for the component.

Web Consoles

Provides detailed information about each Web Console component. Web Console components include standalone Web Console nodes.

  • General Information. Hostname and IP address.
  • Disk Utilization. Bar graph and table showing file system, mount point, size, free size, and % used for each local disk on the component.
  • Service Status. The service, display name, and status (running, stopped, paused) of each LogRhythm service on the component.
  • Performance Counters. A point-in-time snapshot of all the Logical Disk Windows Performance Counters for the component.

Reports

The Reports tab provides the Health Check report. This report can be downloaded as a separate PDF via the Download Report icon in the top-right corner of the page. The Health Check report can also be included in an export .zip file using the Include Health Check report check box. The Health Check report consists of several sections:

  • Download Report. This page can be saved as a .pdf for sharing and printing.
  • Account Details. General information about the deployment.
  • Findings and Recommendations. Analysts can augment a Health Check report with findings and recommendations.
  • Deployment Topology and Overview. Provides LogRhythm topology and each component’s general information.
  • LogRhythm Knowledge Base. Provides information about the installed Knowledge Base as well as all enabled Knowledge Base modules.
  • Component Logical Disk Utilization. Provides Logical Disk statistical information for each LogRhythm component.
  • LogRhythm Services. Shows LogRhythm service status for each LogRhythm component in the deployment.
  • Log Volume Trend Charts. Top 10 Charts, Log Volume by System Monitor (Top 25), Log Volume by Log Source Type, and Log Volume by Data Processor.
  • Deployment 30 Day Trend Charts. Includes charts for Logs Processed, Identified, Archived, Events, Alarms, Indexed, and Analyzed.
  • Database Overview and Utilization. Shows database free space information, LogRhythm database versions, last updates, and backup information.
  • Capacity Planning. Shows current rates and oversubscription analysis based on licensed and appliance platform rates.
  • License Information Report. Shows a table of installed LogRhythm licenses, their counts, and availability and expiration dates (if applicable). This also includes the License Metering Report, which displays MPS rates and overages (if applicable).

Utilization

This tab displays the utilization of the system with respect to processing, archiving, and indexing. It performs a detailed analysis based on current, licensed, and platform-specified rates.

  • Download Report. This page can be saved as a .pdf for sharing and printing.
  • 30-day Trend Chart. Shows MPS for the deployment against its licensed, sustained, and peak rates.
  • Top 10 System Monitors by Volume. Shows top 10 system monitors by volume over the previous 24 hours.
  • Top 10 Log Sources by Volume. Shows top 10 log sources by volume over the previous 24 hours.
  • Top 10 Log Source Types by Volume. Shows top 10 log source types by volume over the previous 24 hours.
  • Top 10 Alarms – Last 24 Hours. Shows top 10 alarms by volume over the previous 24 hours.
  • Current Rates (in MPS) for the Last Hour, Last Day, and Last 7 Days.
    • Platform Manager: Events, LogMart, Alarms
    • Data Processor: Processing, Indexing, Archiving
    • DX Cluster: Indexing
    • AI Engine: Processing
  • Log Volume Trends. Top 10 Charts, Log Volume by System Monitor (Top 25), Log Volume by Log Source Type, and Log Volume by Data Processor.
  • Database Overview and Utilization. Shows database free space information, LogRhythm database versions, last updates, and backup information.
  • Oversubscription Analysis.
    • Calculates Hours Over Max Sustained Rate and Minutes Over Max Peak Rate over the previous day, 7 days, and 30 days. Applies to PM events, LogMart, and DP processing and archiving.
    • The definitions and measurements are based on the LogRhythm platform sizing and specification guides. These numbers demonstrate empirically whether the deployment is operating within specification and capacity or is oversubscribed.
  • License Report. Shows the LogRhythm license details for the deployment, including expiration dates and licensed, assigned, and available quantities.
  • Max Hourly MPS By Day. Shows the peak hour’s rate for the previous 30 days based on the average messages per second processed. Also compares that number to the licensed MPS rate.
  • Capacity Planning. Shows current rates and oversubscription analysis based on licensed and appliance platform rates.

Credentials

Allows users to specify credentials and port for each LogRhythm Diagnostics Agent in the deployment, as well as SSH credentials for each LogRhythm Linux Data Indexer. Users can add Web Consoles to their deployment topology using the Add Web Console button.

Export

Allows users to gather all data into a .zip file for analysis or submission to LogRhythm Customer Support. The LogRhythm Diagnostics Tool contains two export profiles—Health Check and Logs. The Health Check export is the larger of the two and contains an array of output including SQL queries, perfmon counter data, disk space data, LogRhythm service status, Elasticsearch JSON, and LogRhythm component logs. The Logs export profile contains only LogRhythm component log data, MSSQL error log information, and the LogRhythm Diagnostics Agent log. Additionally, checking the Include Health Check report checkbox on the Export page includes a Health Check report in the export .zip file. Optionally, exported .zip files can be encrypted with a password.
